Prisma AIRS
Customizing Security Groups
Table of Contents
Customizing Security Groups
Learn how to create, modify, and delete model security groups in Prisma AIRS AI Model
Security to configure security rules for protecting your AI models.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Create a Model Security Group
You can create a model security group through the Strata Cloud Manager user
interface, the Python SDK, or the CLI.
Create using
CLI
model-security create-security-group \ --name "Production S3 Policy" \ --source-type S3 \ --description "Security group for production S3 models" \ --rule-configurations '{}'
Create using Python
SDK
from model_security_client.api import ModelSecurityAPIClient from model_security_client.generated.mgmt.models.ModelSecurityGroupCreateRequestSchema import ModelSecurityGroupCreateRequestSchema client = ModelSecurityAPIClient( base_url="https://api.sase.paloaltonetworks.com/aims" ) group = client.create_security_group( data=ModelSecurityGroupCreateRequestSchema( name="Production S3 Policy", source_type="S3", description="Security group for production S3 models", rule_configurations={} ) ) print(f"Created security group: {group.uuid}")
Create using Strata Cloud Manager
To create a new model security group, follow these steps:
- Log in to Strata Cloud Manager.Navigate to the and Create a Group.
![]()
Enter the Group Name and select the Model Source type from the drop-down list. Optionally, configure the security rules that appear and add a description.(Optional) Configure the compatible security rules by enabling or blocking the rule.Add a Description for the Model Security Group.![]()
Save Changes.Modify a Model Security Group
You can modify a model security group through the Strata Cloud Manager user interface, the Python SDK, or the CLI.Modify using CLImodel-security update-security-group \ --uuid "12345678-1234-1234-1234-123456789012" \ --name "Updated Name" \ --description "Updated description"Modify using Python SDKfrom model_security_client.generated.mgmt.models.ModelSecurityGroupUpdateRequestSchema import ModelSecurityGroupUpdateRequestSchema group = client.update_security_group( uuid="12345678-1234-1234-1234-123456789012", data=ModelSecurityGroupUpdateRequestSchema( name="Updated Name", description="Updated description" ) )Modify using Strata Cloud ManagerTo modify a security group's name or description, select the pencil iconadjacent to the group name. To change the existing security group's rules, click directly on the group name.![]()
Each rule can be in one of the three states:Rule State State Description Enabled and blocking This rule will always be evaluated and, if violated, will cause the scan to fail and the Model Security CLI to exit with an error code.Enabled and not blocking This rule will always be evaluated, but violations will not affect the overall scan result. The evaluation will still be recorded for future reference.Disabled This rule will not be evaluated when in this state.Delete a Model Security Group
You can delete a model security group through the Strata Cloud Manager user interface, the Python SDK, or the CLI.Delete using CLImodel-security delete-security-group --uuid "12345678-1234-1234-1234-123456789012"Delete using Python SDKclient.delete_security_group(uuid="12345678-1234-1234-1234-123456789012")Delete using Strata Cloud ManagerTo delete a model security group, select the trash iconnext to its name, and then confirm the deletion.![]()
![]()
